[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 19.692090] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 24.371964] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.694842] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.441472] random: sshd: uninitialized urandom read (32 bytes read)
[ 544.405181] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
[ 550.032167] random: sshd: uninitialized urandom read (32 bytes read)
2018/05/20 20:39:23 parsed 1 programs
2018/05/20 20:39:23 executed programs: 0
[ 550.596632] IPVS: ftp: loaded support on port[0] = 21
[ 550.736553] bridge0: port 1(bridge_slave_0) entered blocking state
[ 550.743066] bridge0: port 1(bridge_slave_0) entered disabled state
[ 550.750651] device bridge_slave_0 entered promiscuous mode
[ 550.768920] bridge0: port 2(bridge_slave_1) entered blocking state
[ 550.775384] bridge0: port 2(bridge_slave_1) entered disabled state
[ 550.782430] device bridge_slave_1 entered promiscuous mode
[ 550.799236] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 550.818139] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 550.867659] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 550.887476] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 550.957799] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 550.965194] team0: Port device team_slave_0 added
[ 550.980511] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 550.987612] team0: Port device team_slave_1 added
[ 551.003534] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 551.021571] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 551.040104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 551.057999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 551.196614] bridge0: port 2(bridge_slave_1) entered blocking state
[ 551.203121] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 551.210192] bridge0: port 1(bridge_slave_0) entered blocking state
[ 551.216574] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 551.700708] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 551.706858] 8021q: adding VLAN 0 to HW filter on device bond0
[ 551.714665] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 551.755589] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 551.803347] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 551.809638] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 551.817062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 551.861044] 8021q: adding VLAN 0 to HW filter on device team0
2018/05/20 20:39:28 executed programs: 132
2018/05/20 20:39:33 executed programs: 313
2018/05/20 20:39:38 executed programs: 494
2018/05/20 20:39:43 executed programs: 683
2018/05/20 20:39:48 executed programs: 863
2018/05/20 20:39:53 executed programs: 1046
2018/05/20 20:39:58 executed programs: 1229
2018/05/20 20:40:03 executed programs: 1416
2018/05/20 20:40:08 executed programs: 1600
2018/05/20 20:40:13 executed programs: 1776
2018/05/20 20:40:18 executed programs: 1949
[ 607.118807] kasan: CONFIG_KASAN_INLINE enabled
[ 607.124294] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 607.131705] general protection fault: 0000 [#1] SMP KASAN
[ 607.137248] Dumping ftrace buffer:
[ 607.140772] (ftrace buffer empty)
[ 607.144461] Modules linked in:
[ 607.147650] CPU: 0 PID: 12915 Comm: syz-executor0 Not tainted 4.17.0-rc5+ #85
[ 607.154908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 607.164281] RIP: 0010:__radix_tree_delete+0x74/0x230
[ 607.169366] RSP: 0018:ffff8801b7a2f168 EFLAGS: 00010a06
[ 607.174716] RAX: 1bffff8000000000 RBX: dffffc0000000000 RCX: 1ffff10036f45e4a
[ 607.181976] RDX: 0000000000000000 RSI: ffffffff876910ed RDI: ffff8801ac0498a8
[ 607.189246] RBP: ffff8801b7a2f208 R08: ffff8801aec32240 R09: ffffed00358092f9
[ 607.196511] R10: ffff8801b7a2f318 R11: ffff8801ac0497cf R12: 0000000000000000
[ 607.203780] R13: ffff8801ac0498a8 R14: dffffc0000000000 R15: ffff8801b7a2f290
[ 607.211052] FS: 0000000000000000(0000) GS:ffff8801dae00000(0063) knlGS:00000000f7f97b40
[ 607.219270] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 607.225144] CR2: 00007f0b219bc000 CR3: 00000001b1771000 CR4: 00000000001426f0
[ 607.232406] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 607.239679] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 607.246935] Call Trace:
[ 607.249515] ? find_held_lock+0x36/0x1c0
[ 607.253577] ? radix_tree_tag_clear+0x490/0x490
[ 607.258246] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 607.263798] radix_tree_delete_item+0x148/0x2d0
[ 607.268470] ? radix_tree_lookup+0x30/0x30
[ 607.272703] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 607.277811] ? retint_kernel+0x10/0x10
[ 607.281701] idr_remove+0x46/0x60
[ 607.285151] kvm_vm_ioctl_hv_eventfd+0x1df/0x24b
[ 607.289907] kvm_arch_vm_ioctl+0x155e/0x2690
[ 607.294314] ? kvm_vm_ioctl_irq_line+0x160/0x160
[ 607.299080] ? check_same_owner+0x320/0x320
[ 607.303427] ? do_raw_spin_unlock+0x9e/0x2e0
[ 607.307847] ? rcu_note_context_switch+0x710/0x710
[ 607.312775] ? lock_acquire+0x1dc/0x520
[ 607.316750] ? __might_sleep+0x95/0x190
[ 607.320723] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 607.326265] ? futex_wait_queue_me+0x550/0x820
[ 607.330846] ? refill_pi_state_cache.part.7+0x300/0x300
[ 607.336212] ? kasan_check_write+0x14/0x20
[ 607.340452] ? do_raw_spin_lock+0xc1/0x200
[ 607.344694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 607.350233] ? get_futex_value_locked+0xcb/0xf0
[ 607.354897] ? print_usage_bug+0xc0/0xc0
[ 607.358959] ? futex_wait_setup+0x279/0x400
[ 607.363272] ? debug_check_no_locks_freed+0x310/0x310
[ 607.368461] ? futex_wake+0x750/0x750
[ 607.372256] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 607.377454] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 607.382986] ? __lock_acquire+0x7f5/0x5140
[ 607.387221] ? __save_stack_trace+0x7e/0xd0
[ 607.391536] ? debug_check_no_locks_freed+0x310/0x310
[ 607.396717] ? drop_futex_key_refs.isra.13+0x6d/0xe0
[ 607.401807] ? futex_wake+0x2f6/0x750
[ 607.405603] ? pick_next_task_fair+0x97c/0x1780
[ 607.410353] kvm_vm_ioctl+0x246/0x1d90
[ 607.414244] ? kvm_set_memory_region+0x50/0x50
[ 607.418818] ? lock_downgrade+0x8e0/0x8e0
[ 607.422954] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 607.428140] ? do_futex+0x249/0x27d0
[ 607.431852] ? kasan_check_read+0x11/0x20
[ 607.436001] ? do_raw_spin_unlock+0x9e/0x2e0
[ 607.440451] ? graph_lock+0x170/0x170
[ 607.444256] ? compat_start_thread+0x80/0x80
[ 607.448663] ? _raw_spin_unlock_irq+0x27/0x70
[ 607.453152] ? exit_robust_list+0x290/0x290
[ 607.457460] ? _raw_spin_unlock_irq+0x27/0x70
[ 607.461950] ? find_held_lock+0x36/0x1c0
[ 607.466010] ? lock_downgrade+0x8e0/0x8e0
[ 607.470163] ? kasan_check_read+0x11/0x20
[ 607.474311] ? rcu_is_watching+0x85/0x140
[ 607.478470] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 607.483661] ? __fget+0x40c/0x650
[ 607.487110] ? kasan_check_write+0x1/0x20
[ 607.491254] ? expand_files.part.8+0x9a0/0x9a0
[ 607.496001] ? trace_hardirqs_off+0xd/0x10
[ 607.500238] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 607.505330] ? debug_check_no_obj_freed+0x2ff/0x584
[ 607.510431] ? kasan_check_read+0x11/0x20
[ 607.514567] ? __fget_light+0x2ef/0x430
[ 607.518532] kvm_vm_compat_ioctl+0x13b/0x420
[ 607.522939] ? kvm_vm_ioctl+0x1d90/0x1d90
[ 607.527085] ? __ia32_compat_sys_futex+0x3de/0x5e0
[ 607.532005] ? __x32_compat_sys_get_robust_list+0x430/0x430
[ 607.537713] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 607.543249] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 607.548426] ? kvm_vm_ioctl+0x1d90/0x1d90
[ 607.552577] __ia32_compat_sys_ioctl+0x221/0x640
[ 607.557340] do_fast_syscall_32+0x345/0xf9b
[ 607.561694] ? do_int80_syscall_32+0x880/0x880
[ 607.566280] ? _raw_spin_unlock_irq+0x27/0x70
[ 607.570788] ? finish_task_switch+0x1ca/0x840
[ 607.575302] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 607.580837] ? syscall_return_slowpath+0x30f/0x5c0
[ 607.585772] ? sysret32_from_system_call+0x5/0x46
[ 607.590605] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 607.595451] entry_SYSENTER_compat+0x70/0x7f
[ 607.599862] RIP: 0023:0xf7f9bcb9
[ 607.603212] RSP: 002b:00000000f7f970ac EFLAGS: 00000282 ORIG_RAX: 0000000000000036
[ 607.611346] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000004018aebd
[ 607.618616] RDX: 0000000020000140 RSI: 0000000000000000 RDI: 0000000000000000
[ 607.625873] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 607.633131] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 607.640388] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 607.647742] Code: 46 9a 88 48 c7 45 88 80 10 69 87 c7 00 f1 f1 f1 f1 c7 40 04 00 f2 f2 f2 c7 40 08 f3 f3 f3 f3 e8 03 1e 10 fa 4c 89 f0 48 c1 e8 03 <80> 3c 18 00 0f 85 97 01 00 00 48 8d 55 d8 4c 8d 7a c0 49 8b 1e
[ 607.666915] RIP: __radix_tree_delete+0x74/0x230 RSP: ffff8801b7a2f168
[ 607.673559] ---[ end trace 4a786fed1c1a9106 ]---
[ 607.678347] Kernel panic - not syncing: Fatal exception
[ 607.684267] Dumping ftrace buffer:
[ 607.687797] (ftrace buffer empty)
[ 607.691502] Kernel Offset: disabled
[ 607.695120] Rebooting in 86400 seconds..